CVE-2011-1164 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1164 : Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks. CVE-2011-1165 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1165 : Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.
CVE-2011-1165 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1165): Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks. CVE-2011-1164 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1164): Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
I guess we don't have a fix for the 2.x branch?
(In reply to Chris Reffett from comment #2) > I guess we don't have a fix for the 2.x branch? No, but we have 3.x versions already in stable
vino-3.8.1-r1 fixes this, bug #478252
This is fixed long time ago, then, maybe this could be closed (or, at least, Whiteboard be updated per security team policy as the vulnerable ebuilds are neither present)
All vulnerable versions removed from tree. GLSA Vote: No